Session Variables Unreliable? Please help!

Session Variables Unreliable? Please help!

am 28.12.2007 17:16:04 von RyanRitten

I am making a website where users must log in. I want to somehow
remember they are logged in regardless of what links they click on the
site. I've read the best way to do this is to use session variables.
Each page will check to see if a certain session variable exists and
if it does, they are logged in.

I thought this is how all websites with log in pages do it. But then
I read that sesion variables place a cookie on the clients computer.
What happens if the client has cookies turned off? It appears that
session variables will not get saved and if a user clicks on a link
they will be told they are no longer logged in.

What am I missing? How do all the websites out there that require you
to be logged in get around people that have cookies turned off?

Thanks so much for any help you can give!

Ryan Ritten

Re: Session Variables Unreliable? Please help!

am 28.12.2007 17:37:28 von exjxw.hannivoort

RyanRitten wrote on 28 dec 2007 in
microsoft.public.inetserver.asp.general:

> I am making a website where users must log in. I want to somehow
> remember they are logged in regardless of what links they click on the
> site. I've read the best way to do this is to use session variables.
> Each page will check to see if a certain session variable exists and
> if it does, they are logged in.
>
> I thought this is how all websites with log in pages do it. But then
> I read that sesion variables place a cookie on the clients computer.
> What happens if the client has cookies turned off? It appears that
> session variables will not get saved and if a user clicks on a link
> they will be told they are no longer logged in.

True, but why do you call that unreliable?

If the pc is turned of, they will also lose the session.

> What am I missing? How do all the websites out there that require you
> to be logged in get around people that have cookies turned off?

No, only if they have session cookies, alias ram cookies, turned off.

That is their choice, they obviously do not want to be in a session.

If you programme around it, using querystring session identification and
your own serverside database, then, IMHO, the reliability will go down
indeed.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)